The company that made "turn it off" a feature.

It is 7:48 on a Tuesday morning, and somewhere a product team is about to push a redesigned checkout to ten percent of Australian users. Nobody is panicking. Nobody is on a call. The person in charge of the rollout is drinking the second half of her coffee. If the conversion rate dips by more than a point in the first fifteen minutes, the change will roll itself back, and she will hear about it on Slack. This unremarkable Tuesday is the product LaunchDarkly has been quietly selling for a decade.

For most of software's history, shipping code was a contact sport. You wrote a feature, you bundled it with a release, you deployed it on a Friday afternoon if you were brave or a Tuesday morning if you weren't, and then you stayed near your laptop. Rollback meant a hot-fix branch and an apology email. LaunchDarkly's pitch, dressed up over the years in increasingly serious enterprise language, is that this is a deeply silly way to run a business. The company sells the idea that releases should be observable, targeted, and reversible by default. About 2,000 organizations have agreed with them so far, including the kind of names - Atlassian, IBM, Square, JPMorgan Chase, SAP, NBC, Ryanair - that one usually associates with phrases like "change advisory board."

01 / The problem they sawThe Friday-night problem

Edith Harbaugh and John Kodumal met the problem the way most founders do: by losing weekends to it. Harbaugh had been a product director at TripIt, the travel app, where she watched engineers reinvent the same crude on/off switches every quarter to dark-launch new features. Kodumal had been an engineering manager at Atlassian, where he had built an internal flagging tool for the marketplace team. Two different companies. Two different stacks. Same fragile glue, written from scratch, sitting between code and the customer.

The realization, when it came, was unfussy. If every reasonably ambitious software team eventually built the same thing - a way to turn features on for some users and off for others, without redeploying - then maybe it was a thing, not a tool. Maybe it was a category. The two of them registered Catamorphic Co. in 2014, a name chosen for a Haskell concept that even most programmers cannot define on demand, and started shipping a feature-flag service from a one-room office in Oakland.

02 / The betA category nobody had named

The early bet was unobvious. Feature flags, as engineers had been writing them for years, were the kind of code you were vaguely ashamed of: a configuration check stapled to a deploy, often forgotten in production for months. Selling that as a SaaS product to people who could write a one-line if statement themselves was, on its face, a hard pitch.

The trick was to treat the thing seriously. LaunchDarkly built a low-latency, highly resilient SDK that could evaluate millions of flags per second without taking a runtime hit. They wrote SDKs for every major language and runtime, eventually crossing into edge networks and mobile. They added targeting rules, percentage rollouts, audit logs, governance, and the kind of role-based access controls that compliance officers actually ask about. Within a few years, what started as a glorified config service had grown into something a Fortune 100 CTO would put on an architecture diagram with a straight face.

03 / The product, todayFrom toggle to control plane

Walk into the LaunchDarkly dashboard in 2026 and the word "flag" feels almost quaint. The platform now sits across four overlapping surfaces. Feature Flags remain the heart of it: wrap a code path in a flag, ship it dark, target it to a country, a customer tier, a single beta user. Experimentation lets teams attach metrics to those flags and run multi-variant tests, with results read directly from the customer's own Snowflake, BigQuery, or Databricks warehouse rather than copied into a separate analytics silo.

Then there is Guarded Releases, introduced in late 2024, which is the product that quietly justifies the rest. A Guarded Release watches a rollout in real time, compares it to a baseline, and rolls itself back if something - error rates, latency, a business metric - goes the wrong way. The acquisition of Highlight.io in April 2025 plugged session replay and telemetry directly into that loop, so the system can not only roll back a bad release but also show you the exact user session that flagged the regression.

The most recent surface, AI Configs, applies the same idea to model-driven features. Prompts, model selections, and tuning parameters become first-class flags. Teams can A/B a Claude 4.7 response against a smaller fallback, watch the cost and latency curves move in real time, and swap models without a redeploy. It is, in a quietly inevitable way, the same product the company has always sold: separate the deploy from the release, the change from the risk.

What you can actually do with it

04 / The proofThe customers, the data, the partners

The customer list is the kind of thing investors put on a slide and then look meaningfully at the room. Atlassian, IBM, Square, SAP, BMW, NBC, Ryanair, HashiCorp, JPMorgan Chase. The unifying thread is not size, exactly. It is that each of these companies has at least one product team somewhere with a release schedule too important to leave to good intentions. LaunchDarkly's platform serves trillions of flag evaluations per day across those accounts, which is a number that begins to sound like genuine infrastructure once you let it sit for a second.

The partnerships are quieter but more revealing. AWS Marketplace and deep CloudWatch integration. Two-way wiring with Datadog so a flag flip shows up on the same dashboard as the latency spike it caused. Jira and Confluence, where flags link to tickets and release notes. Vercel and Cloudflare for the edge runtimes. Snowflake, Databricks, BigQuery and Redshift for warehouse-native experiments. Each integration is a small admission that LaunchDarkly does not want to be its own data platform; it wants to live inside the ones engineers already use.

05 / The missionLess drama, on purpose

The internal mission is some version of: separate the deploy from the release, and let teams ship faster with less risk. The external version is shorter. Less drama. The company's annual conference is called Galaxy, which is on-brand for an outfit named after long-exposure night photography, and the keynotes have started to sound less like product launches and more like quiet arguments about responsibility - to users, to engineers on call, to the people who run change advisory boards and have not been thanked enough.

Harbaugh stepped back from the CEO role a few years in, handing the reins to a more enterprise-leaning operator while staying close to the platform's direction. Kodumal stayed as CTO. Edith still hosts To Be Continuous, a podcast about modern software delivery that has been running for the better part of a decade, in which she interviews other founders about the problems LaunchDarkly mostly tries to make boring.

06 / Why it matters tomorrowThe next risk surface

The bet for the next decade is straightforward: the problems LaunchDarkly was built to solve have not gone away; they have moved. The risk surface of a modern application is no longer just code paths and database migrations. It is model versions and prompt templates, third-party API contracts, edge deployments, agentic tools that take real-world actions. AI Configs are the first serious attempt to extend the feature-flag idiom to that surface. Guarded Releases are the second. Both are wagers that the next generation of software incidents will not be caused by bad code so much as by bad behavior in production - and that the company that already owns the kill switch is the company you will call first.

It is 8:14 on the same Tuesday morning. The Australian checkout rollout is at thirty percent now. Conversion is steady. The product manager has finished her coffee. Nothing has gone wrong, which is, in LaunchDarkly's particular reading of the world, the most interesting thing that could possibly happen.